Episodes

  • Hiring for the Frontlines of Critical Infrastructure with Nathaniel Smith

    Hiring for the Frontlines of Critical Infrastructure with Nathaniel Smith
    Jul 9 2025
    Podcast: Bites & Bytes PodcastEpisode: Hiring for the Frontlines of Critical Infrastructure with Nathaniel SmithPub date: 2025-07-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWhat does it take to build a cybersecurity workforce capable of protecting the systems that keep the lights on and food on our plates? In this episode, host Kristin Demoranville is joined by Nathaniel Smith, Co-Founder and VP at SR2, a purpose-driven recruitment firm. Nathaniel, who specializes in hiring OT/ICS, brings over 14 years of recruiting experience and a refreshing dose of honesty to the challenges of hiring in critical infrastructure. Together, they explore what makes a strong Operational Technology (OT) candidate, why culture fit matters as much as technical skills, and how broken hiring processes often keep the best people out. For sectors like food and agriculture, where operational technology is directly tied to safety, production, and public trust, getting the right people into the right roles isn’t just important. It’s essential. --------------- Show Notes: Mike Holcomb’s Episode (here) SEC Ruling on Disclosure of Cyber Incidents (here) 📘 Sign up for early updates, exclusive previews, and launch news of Kristin’s book, “Securing What Feeds Us” (working title) here. 📖 Kristin will also be sharing updates, behind-the-scenes chaos, and the occasional existential crisis over on her personal Substack 🎤 Book Kristin Demoranville to speak at your conference, corporate event, or workshop. --------------- Episode Key Highlights 00:04:50 – OT as Public Service 00:08:27 – Recruiter Perspective in OT 00:09:42 – What Makes a Good OT Hire 00:12:04 – Trust and Floor Experience 00:13:59 – OT vs. IT Culture 00:18:09 – The Talent Shortage Myth 00:20:18 – Broken Hiring Systems 00:22:50 – Job Descriptions That Miss the Mark 00:27:00 – Current OT Hiring Trends 00:29:30 – Who’s Hiring in OT 00:32:00 – Community in OT 00:33:00 – Why Specialized Recruiting Matters --------------- 🎤 Bites and Bytes Podcast Info: Website: Explore all our episodes, articles, and more on our official Website. Merch Shop: Show your support with some awesome Bites and Bytes gear! Socials: TikTok; Instagram; LinkedIn; Substack --------------- 🛡️ About AnzenSage & AnzenOT AnzenSage is a women-owned cybersecurity advisory firm specializing in security resilience for the food, agriculture, zoo, and aquarium industries. AnzenSage offers practical, strategic guidance to help organizations anticipate risks and build resilience. Learn more about their offerings at anzensage.com.​ AnzenOT Industrial Cyber Risk — Simple. Smart. Swift. AnzenOT is the SaaS risk management platform built to bring clarity and control to Operational Technology (OT) cybersecurity. Designed for critical infrastructure sectors, AnzenOT translates technical risk into clear, actionable insight for decision-makers. Sign up for a free trial (here) Explore the platform at anzenot.com For demo requests or inquiries, email stuart@anzenot.com or kristin@anzenot.comThe podcast and artwork embedded on this page are from AnzenSage, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
    Show more Show less
    36 mins
  • Breaking Down the IT-OT Wall: Why IT Cybersecurity Tools Fail on the Plant Floor

    Breaking Down the IT-OT Wall: Why IT Cybersecurity Tools Fail on the Plant Floor
    Jul 9 2025
    Podcast: Industrial Cybersecurity InsiderEpisode: Breaking Down the IT-OT Wall: Why IT Cybersecurity Tools Fail on the Plant FloorPub date: 2025-07-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Dino Busalachi and Craig Duckworth tackle a critical disconnect plaguing industrial organizations: the disconnect in understanding and communication between IT and OT regarding industrial cybersecurity. While some IT departments are investing in OT cybersecurity platforms, 85% of the data these tools collect is designed for OT teams to act upon. Unfortunately, plant floor personnel, system integrators, and OEMs working in these environments rarely get access to dashboards, asset inventories, or vulnerability reports.Organizations must move beyond the "oil and water" mentality between IT and OT. This means involving plant personnel in cybersecurity decisions, sharing data with trusted partners who "build the cars" (not just buy them), and recognizing that effective OT security requires collaboration with the people who live and breathe on the plant floor every day.Bottom Line: If you're not sharing cybersecurity data with your system integrators, OEMs, and plant operations teams, you're not practicing true IT-OT convergence. You're missing critical opportunities to improve your security posture where it matters most.Chapters:00:00:00 - Why Local Collaboration is Critical for Cybersecurity Success00:01:07 - Meet Dino and Craig: Experts in IT/OT Integration00:01:49 - Unpacking the Challenges of IT/OT Convergence00:02:28 - Why IT and OT Teams Often Struggle to Align00:04:48 - Building Collaborative Frameworks for Stronger Cybersecurity00:07:33 - The Role of CIOs and CISOs in Driving Change00:08:44 - Navigating the Complexities of Diverse Plant Environments00:10:23 - Partnering with Vendors to Enhance Security Outcomes00:11:16 - Key Questions to Evaluate System Integrators Effectively00:16:35 - Using Tabletop Exercises to Align IT and OT Teams00:22:20 - Closing Thoughts: Bridging the Divide for Unified CybersecurityLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
    Show more Show less
    24 mins
  • How AI Became the Ultimate Cybersecurity Blind Spot: Understanding the Microsoft 365 Copilot Vulnerability

    How AI Became the Ultimate Cybersecurity Blind Spot: Understanding the Microsoft 365 Copilot Vulnerability
    Jul 8 2025
    Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)
    Episode: How AI Became the Ultimate Cybersecurity Blind Spot: Understanding the Microsoft 365 Copilot Vulnerability
    Pub date: 2025-07-07

    Get Podcast Transcript →
    powered by Listen411 - fast audio-to-text and summarization



    In this episode, host Aaron Crow dives deep into the fast-evolving world of AI automation and its impact on cybersecurity. Aaron breaks down practical, real-world ways security professionals can leverage AI to streamline their workflows without breaking data loss prevention policies or putting proprietary information at risk.

    From drafting reports and playbooks to automating repetitive tasks and managing vulnerability data, Aaron offers actionable advice for using both public AI tools like ChatGPT and more advanced private AI models. He also addresses common fears CISOs and business leaders have about unsanctioned AI use in the workplace and shares tips for staying safe and compliant while taking advantage of AI’s efficiencies.

    Whether you’re in a large enterprise or a lean team with limited resources, you’ll come away with a fresh perspective on how to use AI responsibly to work smarter and protect your organization. Plus, Aaron invites listeners to share their own creative AI use cases and lessons learned. Let’s jump in and explore how to protect it all as AI advances.

    Key Moments :

    01:20 AI's Rising Role in Media

    03:22 Guidelines for Using AI Safely

    07:06 "AI Integration and Automation Strategies"

    10:03 Automating Windows Management Tasks

    14:29 Exploring AI for Personal Tasks

    Connect With Aaron Crow:

    • Website: www.corvosec.com
    • LinkedIn: https://www.linkedin.com/in/aaronccrow

    Learn more about PrOTect IT All:

    • Email: info@protectitall.co
    • Website: https://protectitall.co/
    • X: https://twitter.com/protectitall
    • YouTube: https://www.youtube.com/@PrOTectITAll
    • FaceBook: https://facebook.com/protectitallpodcast

    To be a guest or suggest a guest/episode, please email us at info@protectitall.co

    Please leave us a review on Apple/Spotify Podcasts:

    Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

    Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4



    The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
    Show more Show less
    18 mins
  • The System Integrator’s Role in Supporting OT Security

    The System Integrator’s Role in Supporting OT Security
    Jul 4 2025
    Podcast: Industrial Cybersecurity InsiderEpisode: The System Integrator’s Role in Supporting OT SecurityPub date: 2025-07-01Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Craig Duckworth and Dino Busalachi discuss the critical but often overlooked or misunderstood role of system integrators (SIs) in industrial cybersecurity.Key Issues Identified:Organizations typically work with multiple specialized integrators across different facilities and systemsSome SIs lack cybersecurity expertise, focusing primarily on equipment functionalityEquipment can remain connected to networks for decades, with ownership and oversight changing hands over timeSystem integrators must exercise proper IT coordination to implement remote access solutions effectivelyRecommendations:IT and OT teams should collaborate more closely with system integrators on cybersecurity planningOrganizations need to evaluate their SIs' cybersecurity capabilities and partnershipsConsider standardizing on integrators with demonstrated cybersecurity practices and vendor certificationsApply the same due diligence used for IT vendor selection to OT system integratorsBottom Line: System integrators are essential partners in executing industrial cybersecurity strategies and protection. Organizations must actively engage them in security conversations and ensure they have the necessary skills and partnerships to implement secure solutions for their plant environments from the start.Chapters:00:00:00 - Real-World Ransomware Hits the Plant Floor00:00:52 - Meet the System Integrators Shaping Your OT Plant Floor Security00:01:17 - What System Integrators Really Do (and Don’t)00:04:13 - Remote Access: The Hidden Backdoor Nobody Sees00:08:34 - Why Ongoing Monitoring Is Non-Negotiable00:13:30 - How to Pick the Right System Integrator For Your Operations00:26:17 - Building Strong Partnerships with Your IntegratorsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
    Show more Show less
    33 mins
  • The Evolution of Procurement in OT Security | OT Security Made Simple

    The Evolution of Procurement in OT Security | OT Security Made Simple
    Jul 3 2025
    Podcast: OT Security Made Simple
    Episode: The Evolution of Procurement in OT Security | OT Security Made Simple
    Pub date: 2025-07-01

    Get Podcast Transcript →
    powered by Listen411 - fast audio-to-text and summarization



    In this episode of OT Security Made Simple, Klaus Mochalski and Søren Knudsen discuss the evolving landscape of OT security in light of current geopolitical tensions. They explore how procurement processes have shifted, the importance of evaluating a broader range of security solutions, and the risks associated with relying on specific vendors. The conversation emphasizes the need for organizations to conduct thorough research and consider local providers to mitigate risks effectively.



    The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
    Show more Show less
    24 mins
  • How to Harness AI Without Breaking Security or Corporate Policies

    How to Harness AI Without Breaking Security or Corporate Policies
    Jul 1 2025
    Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)
    Episode: How to Harness AI Without Breaking Security or Corporate Policies
    Pub date: 2025-06-30

    Get Podcast Transcript →
    powered by Listen411 - fast audio-to-text and summarization



    In this episode, host Aaron Crow dives deep into the fast-evolving world of AI automation and its impact on cybersecurity. Aaron breaks down practical, real-world ways security professionals can leverage AI to streamline their workflows without breaking data loss prevention policies or putting proprietary information at risk.

    From drafting reports and playbooks to automating repetitive tasks and managing vulnerability data, Aaron offers actionable advice for using both public AI tools like ChatGPT and more advanced private AI models. He also addresses common fears CISOs and business leaders have about unsanctioned AI use in the workplace and shares tips for staying safe and compliant while taking advantage of AI’s efficiencies.

    Whether you’re in a large enterprise or a lean team with limited resources, you’ll come away with a fresh perspective on how to use AI responsibly to work smarter and protect your organization. Plus, Aaron invites listeners to share their own creative AI use cases and lessons learned. Let’s jump in and explore how to protect it all as AI advances.

    Key Moments :

    01:20 AI's Rising Role in Media

    03:22 Guidelines for Using AI Safely

    07:06 "AI Integration and Automation Strategies"

    10:03 Automating Windows Management Tasks

    14:29 Exploring AI for Personal Tasks

    Connect With Aaron Crow:

    • Website: www.corvosec.com
    • LinkedIn: https://www.linkedin.com/in/aaronccrow

    Learn more about PrOTect IT All:

    • Email: info@protectitall.co
    • Website: https://protectitall.co/
    • X: https://twitter.com/protectitall
    • YouTube: https://www.youtube.com/@PrOTectITAll
    • FaceBook: https://facebook.com/protectitallpodcast

    To be a guest or suggest a guest/episode, please email us at info@protectitall.co

    Please leave us a review on Apple/Spotify Podcasts:

    Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

    Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4



    The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
    Show more Show less
    16 mins
  • Pedro Umbelino on Exploiting ATG Devices in Fuel Storage

    Pedro Umbelino on Exploiting ATG Devices in Fuel Storage
    Jun 29 2025
    Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)
    Episode: Pedro Umbelino on Exploiting ATG Devices in Fuel Storage
    Pub date: 2025-06-29

    Get Podcast Transcript →
    powered by Listen411 - fast audio-to-text and summarization



    Pedro Umbelino, Principal Research Scientist at Bitsight Technologies, joins the Nexus Podcast to discuss his team's research into Automatic Tank Gauge (ATG) systems and how they uncovered 11 vulnerabilities in ATGs manufactured by five different vendors.

    ATG systems are an industrial control system that monitors fuel levels inside storage tanks, including those at gasoline stations, military bases, hospitals, airports, and elsewhere. ATGs track fuel levels, and are meant to detect leaks, help with inventory management, and are key in regulatory compliance efforts.

    The vulnerabilities uncovered by Pedro and his team expose these systems to catastrophic risks, from environmental hazards to significant economic losses, including physical damage.

    Worse yet is that these systems are old and challenging to update.

    Read Bitsight's research here.

    Listen to the Nexus Podcast on your favorite podcast platform.



    The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
    Show more Show less
    27 mins
  • EP 65: Hacking Critical Infrastructure Through Supply Chains

    EP 65: Hacking Critical Infrastructure Through Supply Chains
    Jun 28 2025
    Podcast: Error Code (LS 27 · TOP 10% what is this?)
    Episode: EP 65: Hacking Critical Infrastructure Through Supply Chains
    Pub date: 2025-06-24

    Get Podcast Transcript →
    powered by Listen411 - fast audio-to-text and summarization



    Critical Infrastructure software lacks the strict liability standards found in industries like automotive manufacturing, leading to minimal accountability for insecure products when they get exploited. Alex Santos, CEO of Fortress Information Security, explains how they’re typically hired by buyers of ICS equipment—such as utilities—to assess and mitigate supply chain risks, including working with OEMs to improve security.



    The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
    Show more Show less
    30 mins